A location service architecture in advanced mobile communication networks, e.g., second generation (2G), 2.5G and 3G mobile networks such as those known as the Global System for Mobile Communication, General Packet Radio System and Universal Mobile Telecommunications System (GSM/GPRS/UMTS) networks, is currently being defined and developed. However, the effort to define the location service architecture in the wireless local area network (WLAN) area is just beginning.
A problem that can be foreseen is that an unsecured location service system is vulnerable to unauthorized access to obtain a mobile user's location information. The Internet Protocol (IP) addresses of a mobile terminal, and its current attached wireless access network, can reveal a considerable amount of location information about the mobile terminal. In addition, an unencrypted and clear transmission of a mobile user's naming information exposes the identity of the mobile user to the outside world. Any or all of these factors may cause the location information of a mobile user to become available to unauthorized parties.
While many mobile users appreciate the convenience and the inherent value of location-based services (e.g., emergency rescue, child monitoring, etc.), a concern exists that their location information may be subject to unauthorized access and possibly undesirable exploitation. It is therefore important to define and develop end-to-end, comprehensive solutions to protect the privacy of the mobile user's location information.
There are several location privacy threats. In general, the location privacy problem can be viewed requiring an identification of what mechanisms can reveal the mobile user's location information. The identity disclosure mechanisms can include the mobile user's IP routing information, an unsecured location service system, the mobile user's location-based service provider, the user's mobile operator location server and the presence of the mobile user's identity on the network.
Of the foregoing location disclosure mechanisms, the mobile user's identity protection is of the most concern to the teachings of this invention.
In the existing location service-based techniques it is assumed that the location server in the wireless access network can always be trusted. Therefore, the full identity information of the mobile user is presented to the location server.
While in some wireless networks (such as UMTS) the location server is trusted, there are an increasing number of wireless access networks (e.g., hot spot wireless LAN) in which the location server is “non-trusted”, and the combined identity information and location information in the non-trusted location server may be revealed to the other parties without mobile user's consent. Such disclosure may be done by the non-trusted location server, or by other parties having unauthorized access to data stored in the location server.
In the hot spot wireless networks in particular it is quite easy for the location server to have knowledge of the location information of the mobile device. For example, the mere fact that the mobile device is connected to an access point is sufficient to pinpoint its location quite accurately, due to the knowledge of the location of the access point and the short range of such connections.
A prior art approach, known as a Temporary Mobile Subscriber Identity (TMSI) in GSM/UMTS, was designed for wireless networks having a trusted location server, and thus offer no protection for the mobile user's location privacy when connecting to a wireless access network having a non-trusted location server. The TMSI only protects the mobile user's identity on the air link between the mobile terminal and the location server. The location server in GSM/UMTS is assumed, however, to be trusted, and has the knowledge of the actual identity of the mobile user (in the form of the International Mobile Subscriber Identity, or IMSI). Thus, the use of the TMSI in GSM/UMTS does not protect the mobile user's location privacy from the non-trusted location server.
A publication that describes the TMSI is: 3GPP TS 23.003, “Third Generation Partnership Project; Technical Specification Group Core Network; Numbering, addressing and identification (Release 5)”, www.3gpp.org.
Prior to this invention, no satisfactory solution existed for adequately protecting the privacy of the mobile user's network identity and, hence, the mobile user's location information.